Single Sign-on for DeepSee REST API

Hi everyone! My company has a Zen ERP application with CSP delegated authentication. Now, we're developing a separate BI application, using Angular, which consumes DeepSee REST API services. Both applications access the same Caché database.

How can we implement a single sign-on strategy in order to allow an already authenticated ERP user to access DeepSee REST services? Has anyone already implemented something like that?

Thanks in advance.


Answers

Hi, Jose!

I guess it's more about CSP security than DeepSee API. I think you need to have the same session for another Caché web app.

Set up the settings for your REST web app where the login cookie is checked, and the path for cookies is the same for both apps.

HTH.

 

 

Not sure about delegated authentication (is it only delegated? Or with password? Details may vary depending on your exact setup), but for password authenticated web application SSO is possible by following these steps (originally written for CSP+REST web apps, but the idea is the same):

  1. All brokers effectively have Parameter UseSession = 1;
  2. REST web application and client web application allow only authenticated (i.e. password) access.
  3. REST web application and client web application have reasonable Session timeout (i.e. 900, 3600).
  4. REST web application and client web application have the same GroupById value.
  5. REST web application and client web application have the same cookie path.

If all these conditions are met, the user would only consume one license slot per session and perform only one login, and the audit database would store only one login event per session.
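
The checklist above can be verified on a running instance. The class below is an added example, not code from this thread or from InterSystems: `Example.SSOCheck` and the application names `/bi/api` and `/erp` are placeholders, and it assumes the caller is allowed to switch to `%SYS` and read `Security.Applications`.

```objectscript
/// Added example: checks two web applications against the five conditions above.
Class Example.SSOCheck
{

/// restApp and clientApp are placeholder web application names.
ClassMethod Check(restApp As %String = "/bi/api", clientApp As %String = "/erp") As %Boolean
{
    new $namespace
    set $namespace = "%SYS"
    set sc = ##class(Security.Applications).Get(restApp, .rest)
    if $system.Status.IsError(sc) { do $system.Status.DisplayError(sc) quit 0 }
    set sc = ##class(Security.Applications).Get(clientApp, .client)
    if $system.Status.IsError(sc) { do $system.Status.DisplayError(sc) quit 0 }
    set ok = 1

    // Condition 2: the Unauthenticated method (bit value 64 in AutheEnabled) must be off
    if (rest("AutheEnabled") \ 64 # 2) || (client("AutheEnabled") \ 64 # 2) {
        write !, "FAIL: unauthenticated access is enabled"  set ok = 0
    }
    // Condition 3: print session timeouts (seconds) so they can be reviewed
    write !, "Timeouts: ", restApp, "=", rest("Timeout"), "  ", clientApp, "=", client("Timeout")
    // Condition 4: same, non-empty GroupById
    if (rest("GroupById") = "") || (rest("GroupById") '= client("GroupById")) {
        write !, "FAIL: GroupById differs or is empty"  set ok = 0
    }
    // Condition 5: same cookie path
    if rest("CookiePath") '= client("CookiePath") {
        write !, "FAIL: cookie paths differ: ", rest("CookiePath"), " vs ", client("CookiePath")
        set ok = 0
    }
    // Condition 1: the REST dispatch class must have UseSession = 1.
    // The class lives in the application's namespace, so switch there first.
    set $namespace = rest("NameSpace")
    if rest("DispatchClass") '= "", '$parameter(rest("DispatchClass"), "UseSession") {
        write !, "FAIL: ", rest("DispatchClass"), " does not set UseSession = 1"  set ok = 0
    }
    write !, $select(ok: "All conditions met", 1: "Session sharing will not work as configured")
    quit ok
}

}
```

Call it from a terminal with `write ##class(Example.SSOCheck).Check("/your/rest/app", "/your/client/app")`.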

 

Comments

Hi, Jose!

May I ask you, have you tried DeepSeeWeb? It's an Angular-based application which uses the DeepSee REST API and provides an instant Angular UI for DeepSee Dashboards.